On Feb 6, 2014, at 10:34 AM, LuKreme <[email protected]> wrote:

> It can be hard to find the source of UDP issues.
> 
> Start turning things off that you are running. The first suspect is DNS, but 
> since you aren’t running that, check things like ntp. Do a port scan on your 
> own machine and see what’s open. Drop into the Terminal and look at the 
> output of ps auxww | more carefully. Check /tmp and /var/tmp. See if there’s 
> a spurious /var/temp with stuff in it.
> 
> Do you run a webserver? Maybe something like awstats, phpBB, webmin, or 
> wordpress? Is everything updated?
> 
> Also, what is “a lot” of UDP packets? Are you sure what you think is a lot is 
> really a lot? What does the activity monitor on your system show for network 
> traffic?

So I started to look at ntp, and as I continue to work on this, it appears that 
I may have been compromised by an NTP monlist DDoS. By "a lot" I mean something 
on the order of 2 TB of data in 10 days.

I do have wordpress running on this machine--fully updated, and I also run 
communigate pro, also fully updated. I've added the following to /etc/ntp.conf :

restrict default kod nomodify notrap nopeer noquery

(found here: <https://www.us-cert.gov/ncas/alerts/TA14-013A>)

and kill -HUP'd ntpd, and I'm watching now to see how things progress. I'm remote 
from the box in question and the firewall here blocks all access except SSH.

Thanks again for all the assistance and suggestions. I _hope_ I'm on to 
something with all of your help.


/david

--
david herren-lage - shoreham, vt us na terra solsys orionarm 

Politics is the art of looking for trouble, finding it, misdiagnosing it and 
then misapplying the wrong remedies.
-Groucho Marx
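A small audit script for the fix applied in the reply above (the `restrict default kod nomodify notrap nopeer noquery` line from TA14-013A). This is an added example, not code from the thread; it parses `restrict` directives from an ntp.conf and reports whether every default entry (including `-4`/`-6` variants) blocks mode 6/7 queries such as monlist. The sample configs in the test are constructed.

```python
"""Audit ntp.conf 'restrict default' entries for the TA14-013A hardening set."""

# Flag set from the 'restrict default' line recommended in the reply above.
RECOMMENDED = {"kod", "nomodify", "notrap", "nopeer", "noquery"}


def parse_restrict_lines(conf_text):
    """Return a list of (target, flags) tuples, one per 'restrict' directive.

    target is the address or the literal 'default'; an optional -4/-6/ipv4/ipv6
    selector is skipped, and 'mask <addr>' is consumed so it is not read as a flag.
    """
    entries = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        if tokens[0] in ("-4", "-6", "ipv4", "ipv6"):
            tokens = tokens[1:]
        if not tokens:
            continue
        target, rest, flags, i = tokens[0], tokens[1:], set(), 0
        while i < len(rest):
            if rest[i] == "mask" and i + 1 < len(rest):
                i += 2                           # skip 'mask <netmask>'
                continue
            flags.add(rest[i])
            i += 1
        entries.append((target, flags))
    return entries


def audit_default_restrict(conf_text):
    """Summarise the default policy: does every default entry block queries?

    Returns {'has_default': bool, 'queries_blocked': bool, 'missing': set}.
    'missing' is the union of recommended flags absent from any default entry.
    """
    defaults = [f for t, f in parse_restrict_lines(conf_text) if t == "default"]
    if not defaults:
        # No default restriction at all: ntpd answers everyone, nothing is set.
        return {"has_default": False, "queries_blocked": False,
                "missing": set(RECOMMENDED)}
    blocked = all(("noquery" in f) or ("ignore" in f) for f in defaults)
    missing = set().union(*(RECOMMENDED - f for f in defaults))
    return {"has_default": True, "queries_blocked": blocked, "missing": missing}
```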




_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin